Message-Id: <20180222021147.GA2855@linux.vnet.ibm.com>
Date:   Wed, 21 Feb 2018 18:11:47 -0800
From:   "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:     Byungchul Park <byungchul.park@....com>
Cc:     jiangshanlai@...il.com, josh@...htriplett.org, rostedt@...dmis.org,
        mathieu.desnoyers@...icios.com, linux-kernel@...r.kernel.org,
        kernel-team@....com
Subject: Re: [QUESTION] srcu: Remove the SCAN2 state

On Thu, Feb 22, 2018 at 08:57:27AM +0900, Byungchul Park wrote:
> Hello,
> 
> I'm sorry for bothering you, and I seem to be obviously missing
> something, but I'm really wondering why we check try_check_zero()
> again in the state, SCAN1, for the previous srcu_idx.
> 
> I mean, since we've already checked try_check_zero() in the previous
> grace period and gotten 'true' as a return value, all readers who see
> the flipped idx via srcu_flip() won't update the src_{lock,unlock}_count
> for the previous idx until it gets flipped back again.
> 
> Are there any reasons we check try_check_zero() again in the state, SCAN1?
> Are there any problems if the following patch is applied?

Indeed there are!  Removing the second scan exposes us to a nasty race
condition where a reader is preempted (or interrupted or whatever) just
after fetching its counter.  A detailed explanation for an essentially
equivalent race in userspace RCU may be found on the second column of
page 7 of this PDF:

http://www.computer.org/cms/Computer.org/dl/trans/td/2012/02/extras/ttd2012020375s.pdf

But please let me know if I am missing the point of your patch below.

							Thanx, Paul

> Thanks in advance,
> Byungchul
> 
> ---
>  kernel/rcu/srcutree.c | 16 +---------------
>  1 file changed, 1 insertion(+), 15 deletions(-)
> 
> diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
> index 39e50fe..215c44a 100644
> --- a/kernel/rcu/srcutree.c
> +++ b/kernel/rcu/srcutree.c
> @@ -1125,24 +1125,10 @@ static void srcu_advance_state(struct srcu_struct *sp)
>  			mutex_unlock(&sp->srcu_gp_mutex);
>  			return; /* Someone else started the grace period. */
>  		}
> -	}
> -
> -	if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN1) {
> -		idx = 1 ^ (sp->srcu_idx & 1);
> -		if (!try_check_zero(sp, idx, 1)) {
> -			mutex_unlock(&sp->srcu_gp_mutex);
> -			return; /* readers present, retry later. */
> -		}
>  		srcu_flip(sp);
> -		rcu_seq_set_state(&sp->srcu_gp_seq, SRCU_STATE_SCAN2);
>  	}
> 
> -	if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN2) {
> -
> -		/*
> -		 * SRCU read-side critical sections are normally short,
> -		 * so check at least twice in quick succession after a flip.
> -		 */
> +	if (rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)) == SRCU_STATE_SCAN1) {
>  		idx = 1 ^ (sp->srcu_idx & 1);
>  		if (!try_check_zero(sp, idx, 2)) {
>  			mutex_unlock(&sp->srcu_gp_mutex);
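Review bot: Moving srcu_flip(sp) up into the preceding block removes the try_check_zero(sp, idx, 1) scan that used to gate the flip, so the index is now flipped without first confirming that readers on 1 ^ (sp->srcu_idx & 1) have drained ("readers present, retry later"), and only the single post-flip try_check_zero(sp, idx, 2) remains. As the reply above points out, that leaves a window for a reader that is preempted just after fetching its counter. Either keep the pre-flip scan and the SCAN2 state, or have the changelog explain why one scan per grace period is sufficient. The deleted comment ("check at least twice in quick succession after a flip") was also the only in-code rationale for the post-flip scan, so if the change goes ahead the surviving call needs a comment of its own.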
> -- 
> 1.9.1
> 
